
FireEye 2013 Advanced Threat Report on APTs campaigns

FireEye issued its 2013 Advanced Threat Report, a study that provides a high-level overview of the computer network attacks by APT groups discovered by the company during the year.


In this post I want to look at the data presented by FireEye in its 2013 Advanced Threat Report (ATR), a study that provides a high-level overview of the computer network attacks the company discovered during 2013. The report focuses on the evolution of the advanced persistent threat (APT): it documents the means and methods of the attackers, with particular attention to state-sponsored operations.

The APT groups identified are responsible for long-term campaigns of high complexity, mainly aimed at intellectual property theft, large-scale cyber espionage, and attacks against critical infrastructure.

The experts at FireEye collected the data from the FireEye® Dynamic Threat Intelligence™ (DTI) cloud. The key figures of the report are:

  • 39,504 cyber security incidents
  • 17,995 malware infections
  • 4,192 APT incidents
  • 22 million command and control (CnC) communications
  • 159 APT-associated malware families
  • CnC infrastructure in 206 countries and territories

The experts found command and control servers all over the world, supporting a widespread offensive that caused 4,192 APT incidents. The top APT targets in 2013 were, as expected, the US, South Korea and Canada; more surprising is that Canada, together with the US and Germany, was hit by the highest number of unique malware families.

To improve the efficiency of their operations the attackers used zero-day exploits, mainly targeting Java and Internet Explorer (IE): during 2013 FireEye discovered eleven zero-day attacks. The exploits against the Microsoft browser were used in watering hole attacks staged on US government websites.

Education, Finance, and High-Tech were the top overall targets. Note that "Government" is not among the top verticals, even though it was targeted by the highest number of unique malware families.

The APT groups are adapting their strategy to the increased level of security awareness: Web-based attacks and social media were often preferred to spear phishing as the initial infection vector.

As the conclusion of the Advanced Threat Report (ATR) remarks, the cyber security landscape is rapidly evolving and the evolution of cyber threats is hard to predict; nonetheless, the following trends appear to be outlined:

  • Java zero-days may be less prevalent.
  • In 2014, browser-based vulnerabilities may be more common. Attackers are becoming increasingly comfortable with bypassing ASLR in browsers, and, in contrast to Java and classic input-parsing vulnerabilities, the discovery of browser-based zero-days has not slowed.

Enjoy the reading!

Pierluigi Paganini

(Security Affairs –  APT, 2013 Advanced Threat Report (ATR))

